Vynt

Privacy Policy

Privacy Policy

Brand: Vynt
Website: https://usevynt.com
Effective date: April 1, 2026

This Privacy Policy explains how Vynt ("we", "us", or "our") collects, uses, discloses, stores, and otherwise processes personal data in connection with Vynt, a software-as-a-service platform for financial analysis, valuation modelling, financial statement analysis, company and folder management, report exports, and third-party data integrations.

1. Scope of this Policy

This Policy applies to personal data processed by Vynt when we act as a controller, including in connection with:

  • our website and product pages;
  • demo requests, sales conversations, onboarding, and trial access;
  • account creation, authentication, account administration, and billing;
  • customer support, communications, surveys, webinars, and events;
  • marketing and business relationship management;
  • security monitoring, fraud prevention, and legal compliance.

This Policy does not generally govern personal data contained in workspace content, uploaded files, financial statements, saved companies, folders, models, notes, or reports that our business customers submit to the Service on their own behalf. In those situations, the customer organization typically decides why and how the personal data is processed, and Vynt acts as a processor or service provider on the customer's documented instructions. If you use Vynt through an organization account, that organization may be responsible for providing you with its own privacy notice.

2. Who We Are

For privacy questions and requests relating to the personal data described in this Policy, contact us at:

3. Personal Data We Collect

Depending on how you interact with Vynt, we may collect the following categories of personal data.

a. Identity and business contact information

Name, work email address, phone number, company name, department, job title, country, and other business profile information.

b. Account and authentication data

Username, password hash, single sign-on identifiers, multi-factor authentication settings, user role, workspace membership, user preferences, and administrative audit data related to account access.

c. Billing and transaction data

Billing contact details, company address, tax or VAT information, invoices, payment status, subscription history, and limited payment-related metadata. Full payment card details are typically processed by our payment service providers rather than stored directly by Vynt.

d. Customer workspace data

Files, financial statements, cap tables, valuation models, assumptions, notes, comments, saved companies, folder structures, report exports, and related metadata that users choose to upload, create, import, or generate in the Service. This content may contain personal data depending on what the customer chooses to process.

e. Integration and third-party source data

Connected provider names, connected account identifiers, authorization tokens, sync settings, imported datasets, and metadata received through integrations with accounting platforms, data vendors, storage tools, CRM systems, or other third-party services enabled by the customer.

f. Device, usage, and log data

IP address, device identifiers, browser type, operating system, pages viewed, features used, timestamps, login activity, diagnostic logs, cookie identifiers, and similar technical information.

g. Support and communication data

Emails, chat messages, support tickets, call notes, meeting notes, survey responses, webinar attendance, event registrations, and attachments you share with us.

h. Marketing and preference data

Subscription preferences, consent records, campaign interactions, and high-level business interest data.

We do not intentionally seek to collect special categories of personal data unless this is necessary for a legitimate and lawful purpose. Because customers can upload their own content into the Service, we ask customers not to include sensitive personal data unless they have a lawful basis and a clear operational need to do so.

4. How We Collect Personal Data

We collect personal data:

  • directly from you, such as when you create an account, request a demo, contact support, subscribe, attend an event, or communicate with us;
  • from your employer, workspace administrator, or another representative of your organization who invites you to the Service or purchases a subscription;
  • automatically when you access or use the website or Service;
  • from third-party services and data providers that you or your organization connect to the Service;
  • from publicly available sources and business partners, where permitted by law.

5. How We Use Personal Data and Our Legal Bases

Depending on the context and applicable law, we use personal data for the following purposes and legal bases.

a. To provide and administer the Service

We use personal data to create and manage accounts, authenticate users, provision access, manage workspaces, enable integrations, process transactions, deliver report exports, and provide core platform functionality. Our legal basis is typically performance of a contract, taking steps at your request before entering into a contract, and/or our legitimate interests in operating and improving our business.

b. To provide onboarding, demos, and support

We use personal data to respond to inquiries, provide demonstrations, train users, troubleshoot issues, and communicate about implementation or support matters. Our legal basis is performance of a contract, pre-contractual steps, and/or our legitimate interests in supporting users and prospective customers.

c. To secure the Service and prevent misuse

We use personal data to log events, detect suspicious behavior, enforce plan limits, protect against fraud, investigate incidents, maintain backups, and preserve the confidentiality, integrity, and availability of the Service. Our legal basis is our legitimate interests in maintaining a secure and reliable service, and where applicable compliance with legal obligations.

d. To manage billing, accounting, tax, and records

We use personal data to issue invoices, collect payments, administer subscriptions, maintain accounting records, and comply with tax and financial reporting obligations. Our legal basis is performance of a contract and compliance with legal obligations.

e. To improve and develop the Service

We use usage information, feedback, support trends, and service telemetry to diagnose problems, analyze performance, improve workflows, develop features, and understand how our users interact with the Service. Where possible, we use aggregated or de-identified data for these purposes. Our legal basis is our legitimate interests in improving the Service.

f. To send product, service, and marketing communications

We use personal data to send transactional communications, service updates, security notices, legal notices, newsletters, event invitations, and marketing communications. Where required by law, we rely on consent for certain marketing communications or non-essential cookies. Otherwise, we may rely on our legitimate interests in promoting our services to business users, subject to your right to opt out.

g. To comply with law and enforce our rights

We may use personal data to comply with applicable law, protect our rights, respond to lawful requests from authorities, resolve disputes, and enforce our agreements. Our legal basis is compliance with legal obligations and/or our legitimate interests in protecting our business.

h. Cookies and similar technologies

We use strictly necessary cookies and similar technologies to provide login, session management, security, and core website functionality. We may also use analytics or similar technologies where permitted by law and, where required, on the basis of your consent.

6. Controller and Processor Roles

Vynt does not have the same role for every type of data processing.

When Vynt acts as a controller

We generally act as a controller for website analytics, demo and sales leads, account registration, billing contacts, contract management, direct communications, support operations, security logs, and our own marketing activities.

When Vynt acts as a processor or service provider

When a customer uses Vynt to upload files, analyze financial statements, build valuation models, organize companies and folders, save workspace materials, or export reports that include personal data, the customer usually decides the purposes and means of that processing. In that situation, Vynt generally acts as a processor or service provider and processes the data on the customer's documented instructions.

If you are an Authorized User using Vynt through an organization, and you want to exercise privacy rights relating to workspace data controlled by that organization, you should usually contact your organization first. We will assist our customers with such requests where required by law and our contractual obligations.

7. Disclosures of Personal Data

We may disclose personal data to the following categories of recipients, as necessary for the purposes described in this Policy:

  • Service providers and subprocessors, such as providers of hosting, infrastructure, authentication, communications, customer support tools, analytics, security monitoring, and payment processing;
  • Third-party integrations and data providers when you or your organization enable them or direct us to share data with them;
  • Affiliates and corporate group entities, where relevant for internal administration, security, support, or contract performance;
  • Professional advisers, such as lawyers, auditors, insurers, accountants, and financing counterparties, subject to appropriate confidentiality obligations;
  • Competent authorities, regulators, courts, law enforcement, and tax authorities, where disclosure is required by law or is necessary to establish, exercise, or defend legal claims;
  • Transaction counterparties, if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets;
  • Workspace administrators and customer representatives, who may be able to access account, usage, and audit information associated with users in their organization.

We can provide information about relevant subprocessors on request or through our customer documentation, where applicable.

8. International Data Transfers

Vynt may process personal data in countries other than the country in which the data was collected. If personal data originating in the EEA, the UK, or Switzerland is transferred to a country that is not recognized as providing an adequate level of protection, we will rely on an appropriate transfer mechanism under applicable law, such as Standard Contractual Clauses, an adequacy decision, or another lawful safeguard.

Where required by law, we will provide additional information about the relevant transfer mechanism and how to obtain a copy of it, subject to confidentiality and redaction where appropriate.

9. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, maintain security, comply with legal obligations, resolve disputes, enforce agreements, and support legitimate business operations.

Retention periods depend on the nature of the data, the context in which it was collected, customer instructions, applicable limitation periods, and legal or regulatory requirements. For example:

  • account and business contact data are generally retained while the relationship is active and for a reasonable period afterward;
  • billing and transaction records are retained as required by tax, accounting, and audit laws;
  • support communications and logs may be retained for troubleshooting, security, and quality purposes;
  • customer workspace data is retained according to our contract with the customer, the customer's instructions, and our backup and deletion practices.

If we anonymize data so that it can no longer reasonably be linked to an individual, we may retain and use that anonymized information for lawful business purposes.

10. Security

We implement technical and organizational measures designed to protect personal data against unauthorized or unlawful access, loss, misuse, alteration, or disclosure. These measures may include access controls, role-based permissions, encryption in transit and where appropriate at rest, logging, monitoring, backup processes, and internal security procedures.

No security measure is perfect, and no method of transmission or storage is completely secure. Customers and users are also responsible for using strong passwords, protecting credentials, enabling security features made available by the Service, and configuring workspace permissions appropriately.

11. Automated Processing

Vynt uses automated tools to perform calculations, generate dashboards, prepare reports, and support financial analysis workflows. However, Vynt does not use personal data to make solely automated decisions about individuals that produce legal effects or similarly significant effects, unless expressly disclosed otherwise and supported by an appropriate legal basis.

12. Your Privacy Rights

Depending on your location and the applicable law, you may have rights to:

  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to certain processing, especially where based on legitimate interests or direct marketing;
  • request portability of personal data you provided to us, where applicable;
  • withdraw consent where processing is based on consent;
  • not be subject to certain automated decision-making where applicable;
  • lodge a complaint with a competent supervisory authority or regulator.

13. Cookies and Similar Technologies

We use cookies and similar technologies on our website and, in some cases, within the Service.

Strictly necessary cookies may be used without consent where permitted by law because they are required for core functions such as authentication, session continuity, load balancing, fraud prevention, and security. Analytics, personalization, or similar non-essential technologies are only used where allowed by law and, where required, on the basis of consent.

You can manage cookies through your browser settings and, where applicable, through our cookie banner or preference tools. Disabling certain cookies may affect the functionality of the website or Service.

14. Third-Party Services and External Links

The Service may contain links to third-party websites, products, or services, and may display or import data from third-party providers. This Policy does not govern the privacy practices of those third parties. We encourage you to review the privacy notices and contractual terms of any third-party service you use.

15. Children's Privacy

Vynt is designed for business and professional use and is not directed to children. We do not knowingly collect personal data directly from children under the age at which they can validly consent under applicable law. If you believe that a child has provided personal data to us unlawfully, contact us so that we can take appropriate steps.

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, applicable law, or our data practices. If we make a material change, we will provide reasonable notice, such as by updating the effective date, posting a notice on our website, or notifying customers through the Service or by email where appropriate.

17. Contact Us and Complaints

If you have questions about this Privacy Policy or our privacy practices, or if you want to exercise your rights, contact us at:

If you are in the EEA, UK, Switzerland, or another jurisdiction that grants you this right, you may also lodge a complaint with the relevant data protection authority in your place of residence, work, or alleged infringement.